The NSA’s Secret Campaign to Crack and Undermine Internet Security

Kap, Cagle CartoonsNSA builds 'industry relationships' to control encryption technologies, deteriorate privacy safeguards

Internet privacy safeguards known as encryption technologies promised by email, online banking, and other such online databases have been virtually 'defeated' by the U.S. National Security Agency, according to new documents obtained by the Guardian, New York Times, and ProPublica.

According to the Guardian—which has reported extensively on the NSA's dragnet surveillance practices revealed by NSA whistleblower Edward Snowden—the NSA and its British counterparts the GCHQ have used "covert measures" to control and manipulate international encryption standards to the benefit of the NSA, largely through building "industry relationships" with many technology companies and internet service providers.

As joint reporting by ProPublica and the New York Times explains, according to the documents and interviews with industry officials, the NSA has deployed "custom-built, superfast computers to break codes" and began collaborating with "technology companies in the United States and abroad" to build 'backdoor' entry points into their products and introduce weaknesses into their encryption standards.

The records do not identify which specific companies have been working with the NSA to this extent. However, one document does reveal that a GCHQ team has been working to develop ways into encrypted traffic on the "big four" service providers, named as Hotmail, Google, Yahoo and Facebook.

"By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet."

Through these relationships the NSA has become nearly immune to most encryption technologies, and has thus mastered the use of "supercomputers" to break encryption with "brute force," leaving a dying number of encryption technologies immune to NSA surveillance.

As one of the NSA documents obtained by the news agencies states, the NSA "actively engages US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs," and in turn inserts "vulnerabilities into commercial encryption systems."

"US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails," the Guardian reports.

"For the past decade, NSA has lead [sic] an aggressive, multi-pronged effort to break widely used internet encryption technologies," a 2010 GCHQ document states. "Vast amounts of encrypted internet data which have up till now been discarded are now exploitable."

"Cryptography forms the basis for trust online," said Bruce Schneier, an encryption specialist and fellow at Harvard's Berkman Center for Internet and Society. "By deliberately undermining online security in a short-sighted effort to eavesdrop, the NSA is undermining the very fabric of the internet."

The NSA's encryption busting program called "Sigint [signals intelligence] enabling" received $254.9 million in 2013 alone (compared to $20 million allotted to the previously exposed PRISM program).

“The encryption technologies that the NSA has exploited to enable its secret dragnet surveillance are the same technologies that protect our most sensitive information, including medical records, financial transactions, and commercial secrets,” stated Christopher Soghoian, principal technologist of the ACLU’s Speech, Privacy and Technology Project.

Soghoian continues:

Even as the NSA demands more powers to invade our privacy in the name of cybersecurity, it is making the internet less secure and exposing us to criminal hacking, foreign espionage, and unlawful surveillance. The NSA’s efforts to secretly defeat encryption are recklessly shortsighted and will further erode not only the United States’ reputation as a global champion of civil liberties and privacy but the economic competitiveness of its largest companies.

origin Blog: 
origin Author: 
Comments Count: 
Showing 0 comments